Overview
- Description
- In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B376347-8275-422E-85EB-FFF06DD4B163"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94D99965-4042-45FB-9DD1-E2179BC2CB04"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8736E5E3-BF1A-4E3C-92B9-E81C4F7B4877"
}
],
"operator": "OR"
}
]
}
]